Secure the Operating System Layer
We recommend these best practices for hardening your operating system.
- Check and install Windows updates.
- Apply the latest patches and updates.
- Remove or disable unnecessary services and software.
- Assign minimal permissions to system users.
- Enable auditing.
- Follow any additional OS-level hardening steps recommended by the security/IT teams at your organization.
- Adjust the Windows Schannel configuration to limit access to insecure protocols and cipher suites, and to set preferred cipher suite order.
You can modify the Schannel configuration manually via the registry and group policy editor (see Secure Channel - Win32 apps).
Or you can use the third-party tool IIS Crypto (For example, Nartac Software - IIS Crypto. If you decide to use IIS Crypto, their built-in ‘Best Practices’ template is a great starting point.).
Contact your operating system vendor for additional recommended best practices for hardening your operating system.